VoodooShield Latest
<blockquote data-quote="danb" data-source="post: 917564" data-attributes="member: 62850"><p>Interesting suggestions, thank you! This is kind of how AutoPilot and Smart OFF modes already work, and it gets pretty complicated, but I would like to try to understand the rules you created a little better to see if we can optimize your rules or AutoPilot / Smart OFF better.</p><p></p><p>For your first rule, VS already auto-allows Windows System files, except, for example, we do not want to globally allow wscript (along with many other vulnerable processes). So I guess what I am asking... is VS blocking something in Windows that it should not be blocking? Windows System files are signed with a special catalog (catroot) signature, which is why when you right-click on most Windows System files to check the digital signature, that tab is missing. So Windows System files are actually signed, even though they do not have a digital signature that you can see in the file properties. I think Microsoft does it this way to make signing of Windows System files easier... they basically sign all of the files when they build Windows.</p><p></p><p>Having said that, there are a lot of downloadable Microsoft products, such as Process Explorer, which is signed by Microsoft with a standard digital signature. Are these the types of files that your first rule is intended to cover?</p><p></p><p>For your second and third rules, this happens automatically with VS in AutoPilot and Smart OFF modes, even if you delete the one default VS Rule. But if there is a way we can optimize it, please let me know! Please keep in mind that certain folders such as AppData and ProgramData are common hiding spots for malware, so these require special attention.</p><p></p><p>Maybe the best thing to do is to run VS on AutoPilot for a while, and if it blocks anything that it shouldn't, we can figure out if it really should have been blocked or not, and if not, I can fix the block for AutoPilot and Smart OFF modes (these two modes act almost identically to each other). Either way, this should be a lot of help to optimize AutoPilot and Smart OFF and your custom VS Rules. Thank you!</p></blockquote><p></p>
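The catalog-versus-embedded signature distinction described in the post can be checked from PowerShell. This is an added example, not part of the original post and not VoodooShield code; the function name `Get-SignatureSummary` and the two sample paths are assumptions chosen for illustration. A catalog-signed file reports `SignatureType` as `Catalog`, a file with an embedded signature reports `Authenticode`, and the last column flags files under the AppData and ProgramData folders the post calls out.

```powershell
# Added example: show how each file is signed and whether it sits in a
# user-writable folder that deserves extra scrutiny.
function Get-SignatureSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    begin {
        # Folders named in the post as common hiding spots for malware.
        $watched = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) |
            Where-Object { $_ }
    }
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "Not found: $p"
                continue
            }
            $full = (Resolve-Path -LiteralPath $p).ProviderPath
            # Validates the embedded signature, or falls back to a catalog lookup.
            $sig = Get-AuthenticodeSignature -LiteralPath $full

            $inWatched = $false
            foreach ($dir in $watched) {
                $prefix = $dir.TrimEnd('\') + '\'
                if ($full.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                    $inWatched = $true
                }
            }

            [pscustomobject]@{
                Path            = $full
                Status          = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                SignatureType   = $sig.SignatureType   # None, Authenticode or Catalog
                IsOSBinary      = $sig.IsOSBinary
                Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                InWatchedFolder = $inWatched
            }
        }
    }
}

# Sample paths (assumed to exist on a default Windows install).
"$env:SystemRoot\System32\notepad.exe", "$env:SystemRoot\System32\wscript.exe" |
    Get-SignatureSummary | Format-Table -AutoSize
```

A valid catalog signature only establishes that the file is an unmodified Microsoft binary; as the post notes for wscript, that alone is not a reason to allow it globally.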